mirror of
https://github.com/cmur2/dyndnsd.git
synced 2025-08-08 08:33:56 +02:00
Compare commits
199 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
7bcaf18f7e | ||
![]() |
c0d69f591f | ||
![]() |
2228e742cf | ||
![]() |
e7f528377b | ||
![]() |
537682804f | ||
![]() |
7ffab915ac | ||
![]() |
d515a87640 | ||
![]() |
4a7eba5ad6 | ||
![]() |
52bb8ee9d2 | ||
![]() |
eb1d88807b | ||
![]() |
7c2104b0ce | ||
4237d35fcc | |||
![]() |
451ed20f5d | ||
![]() |
a2879c6c9a | ||
![]() |
f882381f9d | ||
![]() |
fb536da665 | ||
![]() |
49b7b07b52 | ||
![]() |
2854155db2 | ||
![]() |
b40c6f8c30 | ||
![]() |
44605f0f04 | ||
![]() |
63bf4123bd | ||
![]() |
990d4617e8 | ||
![]() |
0030e41a8d | ||
![]() |
97a913f97c | ||
![]() |
b1ff774a55 | ||
![]() |
683767ed8c | ||
![]() |
a45c1cca82 | ||
![]() |
0a053ad577 | ||
![]() |
51eae6da2f | ||
![]() |
fa1d9c7e30 | ||
![]() |
b56adc8b79 | ||
![]() |
88c8bcefeb | ||
![]() |
6c8510910a | ||
![]() |
6faae0d0fd | ||
![]() |
3b34e00fc3 | ||
![]() |
d1463cc790 | ||
![]() |
aea182efcb | ||
![]() |
990dc14a48 | ||
558445af2e | |||
3f784ccaa1 | |||
dbc61d72fb | |||
2838ad9eae | |||
![]() |
84e513b4a2 | ||
![]() |
0a4a052cc9 | ||
![]() |
b9f0a07aba | ||
![]() |
cb9f6f7027 | ||
12dcc3eb42 | |||
90f4442e94 | |||
![]() |
193997958f | ||
9eb9849004 | |||
![]() |
4df5b8fa63 | ||
![]() |
45b522f7cc | ||
![]() |
817dd810e3 | ||
09461aa013 | |||
![]() |
367a542f74 | ||
![]() |
6642d9a7a2 | ||
9580f1478f | |||
6c91c46378 | |||
e622ab292a | |||
507e6a36fd | |||
0a2afb1e4c | |||
![]() |
6e7d4ea985 | ||
809e2dd5d1 | |||
bdda57c4bc | |||
8c5240bbf7 | |||
aecc55e9e7 | |||
![]() |
7b8485cacc | ||
![]() |
0134b7bee1 | ||
![]() |
fc9ef9ae31 | ||
3a31315d9e | |||
![]() |
db8c5cd682 | ||
![]() |
29c779c05d | ||
![]() |
036fcbc7a0 | ||
![]() |
aabaa11c61 | ||
![]() |
632cd2bd99 | ||
![]() |
60cbe7c8c1 | ||
e5f82b4ef5 | |||
![]() |
794d060fe6 | ||
![]() |
761dbe769f | ||
d8dc69de8b | |||
4b3302bb49 | |||
![]() |
1a59d6f79a | ||
![]() |
84429c066f | ||
![]() |
9768424628 | ||
![]() |
882fcbe13b | ||
![]() |
7580e87a30 | ||
![]() |
6c1d44b388 | ||
![]() |
a67418653d | ||
![]() |
b1f9e39fc4 | ||
b8fd42fd85 | |||
e806517b18 | |||
![]() |
7a2d3a90ac | ||
![]() |
c5929bbbbd | ||
![]() |
98e6b3a711 | ||
![]() |
3d4bfc0158 | ||
afd95a81c3 | |||
![]() |
f3cc8fc03a | ||
![]() |
dcd4201523 | ||
![]() |
781379d879 | ||
![]() |
429bbff838 | ||
![]() |
bc97a0fc05 | ||
![]() |
47a73fd149 | ||
fe2ef47675 | |||
fc0fe3c6d5 | |||
![]() |
d4bcac2d5b | ||
![]() |
0f57c6f305 | ||
![]() |
50d71f5e54 | ||
![]() |
2120450659 | ||
![]() |
fdb3274785 | ||
![]() |
5d41a1b77e | ||
f716afe84d | |||
b73416d775 | |||
![]() |
43dd527485 | ||
![]() |
2c629f8bbc | ||
![]() |
1db9c4a6ee | ||
![]() |
b1eca52235 | ||
![]() |
4987ec2264 | ||
ad01f9a9dd | |||
6aa8c10ae0 | |||
6afed2049a | |||
199ccf7665 | |||
7c77b7304a | |||
243f679d7f | |||
085f75c6dd | |||
0e96359429 | |||
6374837156 | |||
53af02398d | |||
16706071b7 | |||
43f089ce70 | |||
![]() |
15c3e587ff | ||
![]() |
b438ed097f | ||
![]() |
337c779410 | ||
b004b4d1e7 | |||
3cbc0a3f01 | |||
c675a347d1 | |||
![]() |
70ec21af94 | ||
![]() |
920d82f073 | ||
![]() |
dee9beb4e0 | ||
![]() |
08e92a0772 | ||
![]() |
eb1c107bf3 | ||
![]() |
a75d9dc5e6 | ||
![]() |
3af42e4c20 | ||
![]() |
aae2a633c5 | ||
![]() |
c7aed4353a | ||
c335a96e12 | |||
c2ed69da6d | |||
![]() |
b2d421154e | ||
5444782ead | |||
1c1bcd253a | |||
23c09f722c | |||
e29b451de4 | |||
d89c1c6091 | |||
2a7ea2bb8f | |||
94823dc041 | |||
![]() |
4c25b9b66b | ||
fb42c57ff1 | |||
![]() |
268e18f2e5 | ||
e8e9e0cb71 | |||
![]() |
8819d6058a | ||
dc325d686e | |||
![]() |
f0aeea96d4 | ||
ff136f7b16 | |||
![]() |
377a6ac179 | ||
![]() |
2cc45e5c0f | ||
19683672d1 | |||
4c1fb5783d | |||
d8f5618006 | |||
e063b6cb4c | |||
![]() |
f64bcc0780 | ||
![]() |
568ea08543 | ||
![]() |
5c16524788 | ||
d1c1a98e47 | |||
d62bf71820 | |||
156557c6d7 | |||
fd1d58abd6 | |||
![]() |
fc4d731434 | ||
![]() |
8b42a916d0 | ||
![]() |
e899488fa9 | ||
6ed0799f49 | |||
5b332d8f57 | |||
0de5078d9d | |||
![]() |
72c8dda7dd | ||
e36b210f66 | |||
fcc3f12284 | |||
bf68049260 | |||
35ced6468e | |||
4833328557 | |||
25e70f484d | |||
617fbf538b | |||
5cce42f4c7 | |||
093efc77ef | |||
![]() |
2368099f7d | ||
![]() |
708cd13237 | ||
a89a263250 | |||
af102f23ec | |||
![]() |
950c985ad1 | ||
b2d9b7745f | |||
09aa2b127c | |||
618b2c823d |
9
.editorconfig
Normal file
9
.editorconfig
Normal file
@@ -0,0 +1,9 @@
|
||||
root = true
|
||||
|
||||
[*]
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
end_of_line = lf
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
insert_final_newline = true
|
17
.github/actionlint-matcher.json
vendored
Normal file
17
.github/actionlint-matcher.json
vendored
Normal file
@@ -0,0 +1,17 @@
|
||||
{
|
||||
"problemMatcher": [
|
||||
{
|
||||
"owner": "actionlint",
|
||||
"pattern": [
|
||||
{
|
||||
"regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
|
||||
"file": 1,
|
||||
"line": 2,
|
||||
"column": 3,
|
||||
"message": 4,
|
||||
"code": 5
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
41
.github/renovate.json5
vendored
Normal file
41
.github/renovate.json5
vendored
Normal file
@@ -0,0 +1,41 @@
|
||||
{
|
||||
extends: [
|
||||
"config:base",
|
||||
":dependencyDashboard",
|
||||
":prHourlyLimitNone",
|
||||
":prConcurrentLimitNone",
|
||||
":label(dependency-upgrade)",
|
||||
],
|
||||
schedule: ["before 8am on thursday"],
|
||||
branchPrefix: "renovate-",
|
||||
dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
|
||||
separateMinorPatch: true,
|
||||
commitMessagePrefix: "project: ",
|
||||
commitMessageAction: "update",
|
||||
commitMessageTopic: "{{depName}}",
|
||||
commitMessageExtra: "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
|
||||
packageRules: [
|
||||
// Ruby dependencies are managed by depfu
|
||||
{
|
||||
matchManagers: ["bundler"],
|
||||
enabled: false,
|
||||
},
|
||||
// Commit message formats
|
||||
{
|
||||
matchDatasources: ["docker"],
|
||||
commitMessagePrefix: "docker: ",
|
||||
},
|
||||
{
|
||||
matchManagers: ["github-actions"],
|
||||
commitMessagePrefix: "ci: ",
|
||||
},
|
||||
],
|
||||
regexManagers: [
|
||||
{
|
||||
fileMatch: ["\.rb$", "^Rakefile$"],
|
||||
matchStrings: [
|
||||
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"
|
||||
]
|
||||
},
|
||||
],
|
||||
}
|
51
.github/workflows/cd.yml
vendored
Normal file
51
.github/workflows/cd.yml
vendored
Normal file
@@ -0,0 +1,51 @@
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||
---
|
||||
name: cd
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*.*.*'
|
||||
|
||||
jobs:
|
||||
release-dockerimage:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
|
||||
- name: Extract dyndnsd version from tag name
|
||||
run: |
|
||||
echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
|
||||
run: |
|
||||
set +e
|
||||
for retry in $(seq 1 5); do
|
||||
echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
|
||||
sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
|
||||
# shellcheck disable=SC2181
|
||||
if [ $? -eq 0 ]; then
|
||||
exit 0
|
||||
fi
|
||||
sleep 60
|
||||
done
|
||||
exit 1
|
||||
|
||||
# https://github.com/marketplace/actions/build-and-push-docker-images
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: cmur2
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
- name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: docker
|
||||
build-args: |
|
||||
DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
|
||||
push: true
|
||||
tags: cmur2/dyndnsd:v${{ env.DYNDNSD_VERSION }}
|
43
.github/workflows/ci.yml
vendored
Normal file
43
.github/workflows/ci.yml
vendored
Normal file
@@ -0,0 +1,43 @@
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||
---
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [master]
|
||||
pull_request:
|
||||
branches: [master]
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '35 4 * * 4' # weekly on thursday morning
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
ruby-version:
|
||||
- '2.7'
|
||||
- '3.0'
|
||||
- '3.1'
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Set up Ruby ${{ matrix.ruby-version }}
|
||||
uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
ruby-version: ${{ matrix.ruby-version }}
|
||||
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
|
||||
|
||||
- name: Lint and Test
|
||||
run: |
|
||||
bundle exec rake ci
|
||||
|
||||
actionlint:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Check workflow files
|
||||
run: |
|
||||
echo "::add-matcher::.github/actionlint-matcher.json"
|
||||
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
|
||||
./actionlint
|
20
.github/workflows/dockerhub.yml
vendored
Normal file
20
.github/workflows/dockerhub.yml
vendored
Normal file
@@ -0,0 +1,20 @@
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||
---
|
||||
name: dockerhub
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '7 4 * * 4' # weekly on thursday morning
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
pull-released-dockerimages:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Avoid stale tags by pulling
|
||||
run: |
|
||||
ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v')"
|
||||
for image in $ALL_IMAGES; do
|
||||
echo "Pulling $image to avoid staleness..."
|
||||
docker pull "$image"
|
||||
done
|
46
.github/workflows/vulnscan.yml
vendored
Normal file
46
.github/workflows/vulnscan.yml
vendored
Normal file
@@ -0,0 +1,46 @@
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||
---
|
||||
name: vulnscan
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '7 4 * * 4' # weekly on thursday morning
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
scan-released-dockerimages:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TRIVY_IGNORE_UNFIXED: 'true'
|
||||
TRIVY_REMOVED_PKGS: 'true'
|
||||
steps:
|
||||
- name: Install Trivy
|
||||
run: |
|
||||
mkdir -p "$GITHUB_WORKSPACE/bin"
|
||||
echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
|
||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
|
||||
- name: Download Trivy DB
|
||||
run: |
|
||||
trivy image --download-db-only
|
||||
- name: Scan vulnerabilities using Trivy
|
||||
env:
|
||||
TRIVY_SKIP_DIRS: 'usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.1.0/crossdock'
|
||||
run: |
|
||||
trivy --version
|
||||
|
||||
# semver sorting as per https://stackoverflow.com/a/40391207/2148786
|
||||
ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sed '/-/!{s/$/_/}' | sort -r -V | sed 's/_$//')"
|
||||
EXIT_CODE=0
|
||||
set -e
|
||||
for major_version in $(seq 1 10); do
|
||||
for image in $ALL_IMAGES; do
|
||||
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
||||
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
|
||||
if ! trivy image --skip-update --exit-code 1 "$image"; then
|
||||
EXIT_CODE=1
|
||||
fi
|
||||
break
|
||||
fi
|
||||
done
|
||||
done
|
||||
exit "$EXIT_CODE"
|
2
.gitignore
vendored
2
.gitignore
vendored
@@ -2,3 +2,5 @@
|
||||
*.lock
|
||||
pkg/*
|
||||
.yardoc
|
||||
hadolint
|
||||
trivy
|
||||
|
16
.rubocop.yml
16
.rubocop.yml
@@ -1,5 +1,13 @@
|
||||
require:
|
||||
- rubocop-rake
|
||||
- rubocop-rspec
|
||||
|
||||
AllCops:
|
||||
TargetRubyVersion: '2.3'
|
||||
TargetRubyVersion: '2.7'
|
||||
NewCops: enable
|
||||
|
||||
Gemspec/RequireMFA:
|
||||
Enabled: false
|
||||
|
||||
Layout/EmptyLineAfterGuardClause:
|
||||
Enabled: false
|
||||
@@ -85,3 +93,9 @@ Style/SymbolArray:
|
||||
|
||||
Style/TrailingCommaInArrayLiteral:
|
||||
Enabled: false
|
||||
|
||||
RSpec/ExampleLength:
|
||||
Max: 20
|
||||
|
||||
RSpec/MultipleExpectations:
|
||||
Max: 20
|
||||
|
12
.travis.yml
12
.travis.yml
@@ -1,12 +0,0 @@
|
||||
---
|
||||
os: linux
|
||||
language: ruby
|
||||
rvm:
|
||||
- 2.7
|
||||
- 2.6
|
||||
- 2.5
|
||||
- 2.4
|
||||
- 2.3
|
||||
|
||||
script:
|
||||
- bundle exec rake travis
|
166
CHANGELOG.md
166
CHANGELOG.md
@@ -1,5 +1,169 @@
|
||||
# Changelog
|
||||
|
||||
## 3.6.0 (June 2nd, 2022)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Drop EOL Ruby 2.6 and lower support, now minimum version supported is Ruby 2.7
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.16 (from 3.15.7 before)
|
||||
|
||||
## 3.5.3 (May 5th, 2022)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.5.2 (April 7th, 2022)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.5.1 (February 17th, 2022)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.5.0 (January 8th, 2022)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- add Ruby 3.1 support
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
|
||||
|
||||
## 3.4.8 (December 11th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.7 (November 19th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.6 (November 19th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.5 (August 26th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.4 (August 26th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.3 (August 20th, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
|
||||
|
||||
## 3.4.2 (July 30, 2021)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- move from OpenTracing to OpenTelemetry for experimental tracing feature
|
||||
|
||||
OTHER:
|
||||
|
||||
- re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
|
||||
- adopt Renovate for dependency updates
|
||||
|
||||
## 3.4.1 (April 15, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
|
||||
|
||||
## 3.4.0 (April 2, 2021)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
|
||||
|
||||
## 3.3.3 (April 1, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
|
||||
|
||||
## 3.3.2 (February 20, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- update to use `docker/build-push-action@v2` for releasing Docker image in GHA
|
||||
|
||||
## 3.3.1 (February 18, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.13.2 to fix security vulnerabilities
|
||||
|
||||
## 3.3.0 (January 18, 2021)
|
||||
|
||||
OTHER:
|
||||
|
||||
- update base of Docker image to Alpine 3.13
|
||||
|
||||
## 3.2.0 (January 14, 2021)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Add Ruby 3.0 support
|
||||
|
||||
## 3.1.3 (December 20, 2020)
|
||||
|
||||
OTHER:
|
||||
|
||||
- fix Docker image release process in Github Actions CI, 3.1.2 was not released as a Docker image
|
||||
|
||||
## 3.1.2 (December 20, 2020)
|
||||
|
||||
OTHER:
|
||||
|
||||
- fixes vulnerabilities in Docker image by using updated Alpine base image
|
||||
- start using Github Actions CI for tests and drop Travis CI
|
||||
|
||||
## 3.1.1 (October 3, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
|
||||
|
||||
## 3.1.0 (August 19, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Add officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd)
|
||||
|
||||
## 3.0.0 (July 29, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Drop EOL Ruby 2.4 and lower support, now minimum version supported is Ruby 2.5
|
||||
|
||||
## 2.3.1 (July 27, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Fix annoying error message `log writing failed. can't be called from trap context` on shutdown by not attempting to log redundant information there
|
||||
|
||||
## 2.3.0 (July 20, 2020)
|
||||
|
||||
IMPROVEMENTS:
|
||||
@@ -96,7 +260,7 @@ IMPROVEMENTS:
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
- Support dropping priviliges on startup, also affects external commands run
|
||||
- Support dropping privileges on startup, also affects external commands run
|
||||
- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
|
||||
- Detach from child processes running external commands to avoid zombie processes
|
||||
|
||||
|
85
README.md
85
README.md
@@ -1,6 +1,6 @@
|
||||
# dyndnsd.rb
|
||||
|
||||
[](https://travis-ci.org/cmur2/dyndnsd) [](https://depfu.com/github/cmur2/dyndnsd)
|
||||
 [](https://depfu.com/github/cmur2/dyndnsd)
|
||||
|
||||
A small, lightweight and extensible DynDNS server written with Ruby and Rack.
|
||||
|
||||
@@ -64,14 +64,49 @@ users:
|
||||
|
||||
Run dyndnsd.rb by:
|
||||
|
||||
dyndnsd /path/to/config.yaml
|
||||
```bash
|
||||
dyndnsd /path/to/config.yml
|
||||
```
|
||||
|
||||
|
||||
### Docker image
|
||||
|
||||
There is an officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd) available at Dockerhub. The goal is to have a minimal secured image available (currently based on Alpine) that works well for the `zone_transfer_server` updater use case.
|
||||
|
||||
Users can make extensions by deriving from the official Docker image or building their own.
|
||||
|
||||
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
|
||||
|
||||
```yaml
|
||||
host: "0.0.0.0"
|
||||
port: 8080
|
||||
# omit the logfile: option so logging to STDOUT will happen automatically
|
||||
db: "/var/lib/dyndnsd/db.json"
|
||||
|
||||
# User's settings for updater and permissions follow here!
|
||||
```
|
||||
|
||||
more ports might be needed depending on if DNS zone transfer is needed
|
||||
|
||||
Run the Docker image exposing the DynDNS-API on host port 8080 via:
|
||||
|
||||
```bash
|
||||
docker run -d --name dyndnsd \
|
||||
-p 8080:8080 \
|
||||
-v /host/path/to/dyndnsd/config.yml:/etc/dyndnsd/config.yml \
|
||||
-v /host/ptherpath/to/dyndnsd/datadir:/var/lib/dyndnsd \
|
||||
cmur2/dyndnsd:vX.Y.Z
|
||||
```
|
||||
|
||||
*Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
|
||||
|
||||
|
||||
|
||||
## Using dyndnsd.rb with any nameserver via DNS zone transfers (AXFR)
|
||||
|
||||
By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
|
||||
To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
|
||||
Currently dyndnsd.rb does not support any authentication for incoming DNS zone transfer requests so it should be isolated from the internet on these ports.
|
||||
Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
|
||||
|
||||
This approach has several advantages:
|
||||
- dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
|
||||
@@ -116,7 +151,7 @@ users:
|
||||
|
||||
NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
|
||||
|
||||
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb configuration:
|
||||
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
|
||||
|
||||
```yaml
|
||||
host: "0.0.0.0"
|
||||
@@ -162,39 +197,41 @@ The update URL you want to tell your clients (humans or scripts ^^) consists of
|
||||
|
||||
where:
|
||||
|
||||
* the protocol depends on your (webserver/proxy) settings
|
||||
* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
|
||||
* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
|
||||
* PORT depends on your (webserver/proxy) settings
|
||||
* HOSTNAMES is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
|
||||
* MYIP is optional and the HTTP client's IP address will be used if missing
|
||||
* MYIP6 is optional but if present also requires presence of MYIP
|
||||
* the protocol depends on your (web server/proxy) settings
|
||||
* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
|
||||
* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a web server as proxy
|
||||
* `PORT` depends on your (web server/proxy) settings
|
||||
* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
|
||||
* `MYIP` is optional and the HTTP client's IP address will be used if missing
|
||||
* `MYIP6` is optional but if present also requires presence of `MYIP`
|
||||
|
||||
|
||||
### IP address determination
|
||||
|
||||
The following rules apply:
|
||||
|
||||
* use any IP address provided via the myip parameter when present, or
|
||||
* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
|
||||
* use any IP address provided via the `myip` parameter when present, or
|
||||
* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
|
||||
* use any IP address used by the connecting HTTP client
|
||||
|
||||
If you want to provide an additional IPv6 address as myip6 parameter, the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
|
||||
If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
|
||||
|
||||
|
||||
### SSL, multiple listen ports
|
||||
|
||||
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
|
||||
Use a web server as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
|
||||
|
||||
|
||||
### Init scripts
|
||||
### Startup
|
||||
|
||||
The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
|
||||
There is a [Dockerfile](docs/Dockerfile) that can be used to build a Docker image for running dyndnsd.rb.
|
||||
|
||||
The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
|
||||
|
||||
|
||||
### Monitoring
|
||||
|
||||
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
|
||||
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
|
||||
|
||||
```yaml
|
||||
host: "0.0.0.0"
|
||||
@@ -234,9 +271,9 @@ users:
|
||||
|
||||
### Tracing (experimental)
|
||||
|
||||
For tracing, dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
|
||||
For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
|
||||
|
||||
Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
|
||||
Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
|
||||
|
||||
```yaml
|
||||
host: "0.0.0.0"
|
||||
@@ -245,11 +282,9 @@ db: "/opt/dyndnsd/db.json"
|
||||
domain: "dyn.example.org"
|
||||
# enable and configure tracing using the (currently only) tracer jaeger
|
||||
tracing:
|
||||
trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
|
||||
jaeger:
|
||||
host: 127.0.0.1 # defaults for host and port of local jaeger-agent
|
||||
port: 6831
|
||||
service_name: "my.dyndnsd.identifier"
|
||||
trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
|
||||
service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
|
||||
jaeger: true # enables the Jaeger AgentExporter
|
||||
# configure the updater, here we use command_with_bind_zone, params are updater-specific
|
||||
updater:
|
||||
name: "command_with_bind_zone"
|
||||
|
73
Rakefile
73
Rakefile
@@ -9,16 +9,73 @@ RSpec::Core::RakeTask.new(:spec)
|
||||
RuboCop::RakeTask.new
|
||||
Bundler::Audit::Task.new
|
||||
|
||||
desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
|
||||
task :'solargraph:init' do
|
||||
sh 'solargraph download-core'
|
||||
end
|
||||
|
||||
desc 'Run experimental solargraph type checker'
|
||||
task :'solargraph:tc' do
|
||||
task :solargraph do
|
||||
sh 'solargraph typecheck'
|
||||
end
|
||||
|
||||
task default: [:rubocop, :spec, 'bundle:audit']
|
||||
namespace :solargraph do
|
||||
desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
|
||||
task :init do
|
||||
sh 'solargraph download-core'
|
||||
end
|
||||
end
|
||||
|
||||
task travis: [:default, :'solargraph:tc']
|
||||
# renovate: datasource=github-tags depName=hadolint/hadolint
|
||||
hadolint_version = 'v2.10.0'
|
||||
|
||||
# renovate: datasource=github-tags depName=aquasecurity/trivy
|
||||
trivy_version = 'v0.28.1'
|
||||
|
||||
namespace :docker do
|
||||
ci_image = 'cmur2/dyndnsd:ci'
|
||||
|
||||
desc 'Lint Dockerfile'
|
||||
task :lint do
|
||||
sh "if [ ! -e ./hadolint ]; then wget -q -O ./hadolint https://github.com/hadolint/hadolint/releases/download/#{hadolint_version}/hadolint-Linux-x86_64; fi"
|
||||
sh 'chmod a+x ./hadolint'
|
||||
sh './hadolint --ignore DL3018 docker/Dockerfile'
|
||||
sh './hadolint --ignore DL3018 --ignore DL3028 docker/ci/Dockerfile'
|
||||
end
|
||||
|
||||
desc 'Build CI Docker image'
|
||||
task :build do
|
||||
sh 'docker build -t cmur2/dyndnsd:ci -f docker/ci/Dockerfile .'
|
||||
end
|
||||
|
||||
desc 'Scan CI Docker image for vulnerabilities'
|
||||
task :scan do
|
||||
ver = trivy_version.gsub('v', '')
|
||||
sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
|
||||
sh "./trivy image #{ci_image}"
|
||||
end
|
||||
|
||||
desc 'End-to-end test the CI Docker image'
|
||||
task :e2e do
|
||||
sh <<~SCRIPT
|
||||
echo -n '{}' > e2e/db.json
|
||||
chmod a+w e2e/db.json
|
||||
SCRIPT
|
||||
sh "docker run -d --name=dyndnsd-ci -v $(pwd)/e2e:/etc/dyndnsd -p 8080:8080 -p 5353:5353 #{ci_image}"
|
||||
sh 'sleep 1'
|
||||
puts '----------------------------------------'
|
||||
# `dig` needs `sudo apt-get install -y -q dnsutils`
|
||||
sh <<~SCRIPT
|
||||
curl -s -o /dev/null -w '%{http_code}' 'http://localhost:8080/' | grep -q '401'
|
||||
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'good'
|
||||
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'nochg'
|
||||
dig +short AXFR 'dyn.example.org' @127.0.0.1 -p 5353 | grep -q '1.2.3.4'
|
||||
SCRIPT
|
||||
puts '----------------------------------------'
|
||||
sh <<~SCRIPT
|
||||
docker logs dyndnsd-ci
|
||||
docker container rm -f -v dyndnsd-ci
|
||||
rm e2e/db.json
|
||||
SCRIPT
|
||||
end
|
||||
end
|
||||
|
||||
task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
|
||||
|
||||
desc 'Run all tasks desired for CI'
|
||||
task ci: ['solargraph:init', :default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
|
||||
|
22
docker/Dockerfile
Normal file
22
docker/Dockerfile
Normal file
@@ -0,0 +1,22 @@
|
||||
FROM alpine:3.16.0
|
||||
|
||||
EXPOSE 5353 8080
|
||||
|
||||
ARG DYNDNSD_VERSION
|
||||
|
||||
RUN apk --no-cache add openssl ca-certificates && \
|
||||
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
||||
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
|
||||
gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
|
||||
rm -rf /usr/lib/ruby/gems/*/cache/ && \
|
||||
# set timezone to Berlin
|
||||
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
||||
apk del .build-deps
|
||||
|
||||
# Follow the principle of least privilege: run as unprivileged user.
|
||||
# Running as non-root enables running this image in platforms like OpenShift
|
||||
# that do not allow images running as root.
|
||||
# User ID 65534 is usually user 'nobody'.
|
||||
USER 65534
|
||||
|
||||
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
|
22
docker/ci/Dockerfile
Normal file
22
docker/ci/Dockerfile
Normal file
@@ -0,0 +1,22 @@
|
||||
FROM alpine:3.16.0
|
||||
|
||||
EXPOSE 5353 8080
|
||||
|
||||
COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
|
||||
|
||||
RUN apk --no-cache add openssl ca-certificates && \
|
||||
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
|
||||
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
|
||||
gem install --no-document /tmp/dyndnsd.gem && \
|
||||
rm -rf /usr/lib/ruby/gems/*/cache/ && \
|
||||
# set timezone to Berlin
|
||||
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
|
||||
apk del .build-deps
|
||||
|
||||
# Follow the principle of least privilege: run as unprivileged user.
|
||||
# Running as non-root enables running this image in platforms like OpenShift
|
||||
# that do not allow images running as root.
|
||||
# User ID 65534 is usually user 'nobody'.
|
||||
USER 65534
|
||||
|
||||
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
|
0
init.d/debian-6-dyndnsd → docs/debian-6-init-dyndnsd
Normal file → Executable file
0
init.d/debian-6-dyndnsd → docs/debian-6-init-dyndnsd
Normal file → Executable file
@@ -25,20 +25,24 @@ Gem::Specification.new do |s|
|
||||
s.executables = ['dyndnsd']
|
||||
s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
|
||||
|
||||
s.required_ruby_version = '>= 2.3'
|
||||
s.required_ruby_version = '>= 2.7'
|
||||
|
||||
s.add_runtime_dependency 'async-dns', '~> 1.2.0'
|
||||
s.add_runtime_dependency 'jaeger-client', '~> 0.10.0'
|
||||
s.add_runtime_dependency 'async', '~> 1.30.0'
|
||||
s.add_runtime_dependency 'async-dns', '~> 1.3.0'
|
||||
s.add_runtime_dependency 'metriks'
|
||||
s.add_runtime_dependency 'opentracing', '~> 0.5.0'
|
||||
s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.20.0'
|
||||
s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.20.0'
|
||||
s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.0.0.rc2'
|
||||
s.add_runtime_dependency 'rack', '~> 2.0'
|
||||
s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
|
||||
s.add_runtime_dependency 'webrick', '>= 1.6.1'
|
||||
|
||||
s.add_development_dependency 'bundler'
|
||||
s.add_development_dependency 'bundler-audit', '~> 0.7.0'
|
||||
s.add_development_dependency 'bundler-audit', '~> 0.9.0'
|
||||
s.add_development_dependency 'rack-test'
|
||||
s.add_development_dependency 'rake'
|
||||
s.add_development_dependency 'rspec'
|
||||
s.add_development_dependency 'rubocop', '~> 0.81.0'
|
||||
s.add_development_dependency 'solargraph'
|
||||
s.add_development_dependency 'rubocop', '~> 1.30.0'
|
||||
s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
|
||||
s.add_development_dependency 'rubocop-rspec', '~> 2.11.1'
|
||||
s.add_development_dependency 'solargraph', '~> 0.45.0'
|
||||
end
|
||||
|
31
e2e/config.yml
Normal file
31
e2e/config.yml
Normal file
@@ -0,0 +1,31 @@
|
||||
---
|
||||
host: "0.0.0.0"
|
||||
port: 8080
|
||||
|
||||
db: /etc/dyndnsd/db.json
|
||||
debug: false
|
||||
domain: dyn.example.org
|
||||
#responder: RestStyle
|
||||
|
||||
updater:
|
||||
name: zone_transfer_server
|
||||
params:
|
||||
server_listens:
|
||||
- 0.0.0.0@5353
|
||||
#send_notifies:
|
||||
#- 10.0.2.15@53
|
||||
zone_ttl: 300 # 5m
|
||||
zone_nameservers:
|
||||
- dns1.example.org.
|
||||
- dns2.example.org.
|
||||
zone_email_address: admin.example.org.
|
||||
zone_additional_ips:
|
||||
- "127.0.0.1"
|
||||
- "::1"
|
||||
|
||||
users:
|
||||
foo:
|
||||
password: "secret"
|
||||
hosts:
|
||||
- foo.dyn.example.org
|
||||
- bar.dyn.example.org
|
@@ -1,5 +1,6 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'date'
|
||||
require 'etc'
|
||||
require 'logger'
|
||||
require 'ipaddr'
|
||||
@@ -7,9 +8,9 @@ require 'json'
|
||||
require 'yaml'
|
||||
require 'rack'
|
||||
require 'metriks'
|
||||
require 'opentelemetry/instrumentation/rack'
|
||||
require 'opentelemetry/sdk'
|
||||
require 'metriks/reporter/graphite'
|
||||
require 'opentracing'
|
||||
require 'rack/tracer'
|
||||
|
||||
require 'dyndnsd/generator/bind'
|
||||
require 'dyndnsd/updater/command_with_bind_zone'
|
||||
@@ -68,7 +69,7 @@ module Dyndnsd
|
||||
# @return [Boolean]
|
||||
def authorized?(username, password)
|
||||
Helper.span('check_authorized') do |span|
|
||||
span.set_tag('dyndnsd.user', username)
|
||||
span.set_attribute('enduser.id', username)
|
||||
|
||||
allow = Helper.user_allowed?(username, password, @users)
|
||||
if !allow
|
||||
@@ -80,7 +81,7 @@ module Dyndnsd
|
||||
end
|
||||
|
||||
# @param env [Hash{String => String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def call(env)
|
||||
return [422, {'X-DynDNS-Response' => 'method_forbidden'}, []] if env['REQUEST_METHOD'] != 'GET'
|
||||
return [422, {'X-DynDNS-Response' => 'not_found'}, []] if env['PATH_INFO'] != '/nic/update'
|
||||
@@ -105,13 +106,13 @@ module Dyndnsd
|
||||
puts "DynDNSd version #{Dyndnsd::VERSION}"
|
||||
puts "Using config file #{config_file}"
|
||||
|
||||
config = YAML.safe_load(File.open(config_file, 'r', &:read))
|
||||
config = YAML.safe_load(File.read(config_file))
|
||||
|
||||
setup_logger(config)
|
||||
|
||||
Dyndnsd.logger.info 'Starting...'
|
||||
|
||||
# drop priviliges as soon as possible
|
||||
# drop privileges as soon as possible
|
||||
# NOTE: first change group than user
|
||||
if config['group']
|
||||
group = Etc.getgrnam(config['group'])
|
||||
@@ -134,7 +135,7 @@ module Dyndnsd
|
||||
private
|
||||
|
||||
# @param params [Hash{String => String}]
|
||||
# @return [Array{String}]
|
||||
# @return [Array<String>]
|
||||
def extract_v4_and_v6_address(params)
|
||||
return [] if !(params['myip'])
|
||||
begin
|
||||
@@ -148,7 +149,7 @@ module Dyndnsd
|
||||
|
||||
# @param env [Hash{String => String}]
|
||||
# @param params [Hash{String => String}]
|
||||
# @return [Array{String}]
|
||||
# @return [Array<String>]
|
||||
def extract_myips(env, params)
|
||||
# require presence of myip parameter as valid IPAddr (v4) and valid myip6
|
||||
return extract_v4_and_v6_address(params) if params.key?('myip6')
|
||||
@@ -164,12 +165,12 @@ module Dyndnsd
|
||||
end
|
||||
|
||||
# @param hostnames [String]
|
||||
# @param myips [Array{String}]
|
||||
# @return [Array{Symbol}]
|
||||
# @param myips [Array<String>]
|
||||
# @return [Array<Symbol>]
|
||||
def process_changes(hostnames, myips)
|
||||
changes = []
|
||||
Helper.span('process_changes') do |span|
|
||||
span.set_tag('dyndnsd.hostnames', hostnames.join(','))
|
||||
span.set_attribute('dyndnsd.hostnames', hostnames.join(','))
|
||||
|
||||
hostnames.each do |hostname|
|
||||
# myips order is always deterministic
|
||||
@@ -200,7 +201,7 @@ module Dyndnsd
|
||||
end
|
||||
|
||||
# @param env [Hash{String => String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def handle_dyndns_request(env)
|
||||
params = Rack::Utils.parse_query(env['QUERY_STRING'])
|
||||
|
||||
@@ -245,22 +246,22 @@ module Dyndnsd
|
||||
if config['logfile']
|
||||
Dyndnsd.logger = Logger.new(config['logfile'])
|
||||
else
|
||||
Dyndnsd.logger = Logger.new(STDOUT)
|
||||
Dyndnsd.logger = Logger.new($stdout)
|
||||
end
|
||||
|
||||
Dyndnsd.logger.progname = 'dyndnsd'
|
||||
Dyndnsd.logger.formatter = LogFormatter.new
|
||||
Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
|
||||
|
||||
OpenTelemetry.logger = Dyndnsd.logger
|
||||
end
|
||||
|
||||
# @return [void]
|
||||
private_class_method def self.setup_traps
|
||||
Signal.trap('INT') do
|
||||
Dyndnsd.logger.info 'Quitting...'
|
||||
Rack::Handler::WEBrick.shutdown
|
||||
end
|
||||
Signal.trap('TERM') do
|
||||
Dyndnsd.logger.info 'Quitting...'
|
||||
Rack::Handler::WEBrick.shutdown
|
||||
end
|
||||
end
|
||||
@@ -297,16 +298,31 @@ module Dyndnsd
|
||||
# @param config [Hash{String => Object}]
|
||||
# @return [void]
|
||||
private_class_method def self.setup_tracing(config)
|
||||
# configure OpenTracing
|
||||
if config.dig('tracing', 'jaeger')
|
||||
require 'jaeger/client'
|
||||
# by default do not try to emit any traces until the user opts in
|
||||
ENV['OTEL_TRACES_EXPORTER'] ||= 'none'
|
||||
|
||||
host = config['tracing']['jaeger']['host'] || '127.0.0.1'
|
||||
port = config['tracing']['jaeger']['port'] || 6831
|
||||
service_name = config['tracing']['jaeger']['service_name'] || 'dyndnsd'
|
||||
OpenTracing.global_tracer = Jaeger::Client.build(
|
||||
host: host, port: port, service_name: service_name, flush_interval: 1
|
||||
)
|
||||
# configure OpenTelemetry
|
||||
OpenTelemetry::SDK.configure do |c|
|
||||
if config.dig('tracing', 'jaeger')
|
||||
require 'opentelemetry/exporter/jaeger'
|
||||
|
||||
c.add_span_processor(
|
||||
OpenTelemetry::SDK::Trace::Export::BatchSpanProcessor.new(
|
||||
OpenTelemetry::Exporter::Jaeger::AgentExporter.new
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
if config.dig('tracing', 'service_name')
|
||||
c.service_name = config['tracing']['service_name']
|
||||
end
|
||||
|
||||
c.service_version = Dyndnsd::VERSION
|
||||
c.use('OpenTelemetry::Instrumentation::Rack')
|
||||
end
|
||||
|
||||
if !config.dig('tracing', 'trust_incoming_span')
|
||||
OpenTelemetry.propagation = OpenTelemetry::Context::Propagation::NoopTextMapPropagator.new
|
||||
end
|
||||
end
|
||||
|
||||
@@ -332,8 +348,7 @@ module Dyndnsd
|
||||
app = Responder::DynDNSStyle.new(app)
|
||||
end
|
||||
|
||||
trust_incoming_span = config.dig('tracing', 'trust_incoming_span') || false
|
||||
app = Rack::Tracer.new(app, trust_incoming_span: trust_incoming_span)
|
||||
app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
|
||||
|
||||
Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
|
||||
end
|
||||
|
@@ -27,7 +27,7 @@ module Dyndnsd
|
||||
ips.each do |ip|
|
||||
ip = IPAddr.new(ip).native
|
||||
type = ip.ipv6? ? 'AAAA' : 'A'
|
||||
name = hostname.chomp('.' + @domain)
|
||||
name = hostname.chomp(".#{@domain}")
|
||||
out << "#{name} IN #{type} #{ip}"
|
||||
end
|
||||
end
|
||||
|
@@ -45,24 +45,17 @@ module Dyndnsd
|
||||
# @param block [Proc]
|
||||
# @return [void]
|
||||
def self.span(operation, &block)
|
||||
scope = OpenTracing.start_active_span(operation)
|
||||
span = scope.span
|
||||
span.set_tag('component', 'dyndnsd')
|
||||
span.set_tag('span.kind', 'server')
|
||||
begin
|
||||
tracer = OpenTelemetry.tracer_provider.tracer(Dyndnsd.name, Dyndnsd::VERSION)
|
||||
tracer.in_span(
|
||||
operation,
|
||||
attributes: {'component' => 'dyndnsd'},
|
||||
kind: :server
|
||||
) do |span|
|
||||
Dyndnsd.logger.debug "Creating span ID #{span.context.hex_span_id} for trace ID #{span.context.hex_trace_id}"
|
||||
block.call(span)
|
||||
rescue StandardError => e
|
||||
span.set_tag('error', true)
|
||||
span.log_kv(
|
||||
event: 'error',
|
||||
'error.kind': e.class.to_s,
|
||||
'error.object': e,
|
||||
message: e.message,
|
||||
stack: e.backtrace&.join("\n") || ''
|
||||
)
|
||||
raise
|
||||
ensure
|
||||
scope.close
|
||||
span.record_exception(e)
|
||||
raise e
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@@ -9,7 +9,7 @@ module Dyndnsd
|
||||
end
|
||||
|
||||
# @param env [Hash{String => String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def call(env)
|
||||
@app.call(env).tap do |status_code, headers, body|
|
||||
if headers.key?('X-DynDNS-Response')
|
||||
@@ -24,30 +24,32 @@ module Dyndnsd
|
||||
|
||||
# @param status_code [Integer]
|
||||
# @param headers [Hash{String => String}]
|
||||
# @param body [Array{String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @param body [Array<String>]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def decorate_dyndnsd_response(status_code, headers, body)
|
||||
if status_code == 200
|
||||
case status_code
|
||||
when 200
|
||||
[200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
|
||||
elsif status_code == 422
|
||||
when 422
|
||||
error_response_map[headers['X-DynDNS-Response']]
|
||||
end
|
||||
end
|
||||
|
||||
# @param status_code [Integer]
|
||||
# @param headers [Hash{String => String}]
|
||||
# @param _body [Array{String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @param _body [Array<String>]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def decorate_other_response(status_code, headers, _body)
|
||||
if status_code == 400
|
||||
case status_code
|
||||
when 400
|
||||
[status_code, headers, ['Bad Request']]
|
||||
elsif status_code == 401
|
||||
when 401
|
||||
[status_code, headers, ['badauth']]
|
||||
end
|
||||
end
|
||||
|
||||
# @param changes [Array{Symbol}]
|
||||
# @param myips [Array{String}]
|
||||
# @param changes [Array<Symbol>]
|
||||
# @param myips [Array<String>]
|
||||
# @return [String]
|
||||
def get_success_body(changes, myips)
|
||||
changes.map { |change| "#{change} #{myips.join(' ')}" }.join("\n")
|
||||
|
@@ -9,7 +9,7 @@ module Dyndnsd
|
||||
end
|
||||
|
||||
# @param env [Hash{String => String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def call(env)
|
||||
@app.call(env).tap do |status_code, headers, body|
|
||||
if headers.key?('X-DynDNS-Response')
|
||||
@@ -24,30 +24,32 @@ module Dyndnsd
|
||||
|
||||
# @param status_code [Integer]
|
||||
# @param headers [Hash{String => String}]
|
||||
# @param body [Array{String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @param body [Array<String>]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def decorate_dyndnsd_response(status_code, headers, body)
|
||||
if status_code == 200
|
||||
case status_code
|
||||
when 200
|
||||
[200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
|
||||
elsif status_code == 422
|
||||
when 422
|
||||
error_response_map[headers['X-DynDNS-Response']]
|
||||
end
|
||||
end
|
||||
|
||||
# @param status_code [Integer]
|
||||
# @param headers [Hash{String => String}]
|
||||
# @param _body [Array{String}]
|
||||
# @return [Array{Integer,Hash{String => String},Array{String}}]
|
||||
# @param _body [Array<String>]
|
||||
# @return [Array{Integer,Hash{String => String},Array<String>}]
|
||||
def decorate_other_response(status_code, headers, _body)
|
||||
if status_code == 400
|
||||
case status_code
|
||||
when 400
|
||||
[status_code, headers, ['Bad Request']]
|
||||
elsif status_code == 401
|
||||
when 401
|
||||
[status_code, headers, ['Unauthorized']]
|
||||
end
|
||||
end
|
||||
|
||||
# @param changes [Array{Symbol}]
|
||||
# @param myips [Array{String}]
|
||||
# @param changes [Array<Symbol>]
|
||||
# @param myips [Array<String>]
|
||||
# @return [String]
|
||||
def get_success_body(changes, myips)
|
||||
changes.map { |change| change == :good ? "Changed to #{myips.join(' ')}" : "No change needed for #{myips.join(' ')}" }.join("\n")
|
||||
|
@@ -18,7 +18,7 @@ module Dyndnsd
|
||||
|
||||
@registry = options[:registry] || Metriks::Registry.default
|
||||
@interval = options[:interval] || 60
|
||||
@on_error = options[:on_error] || proc { |ex| }
|
||||
@on_error = options[:on_error] || proc { |ex| } # default: ignore errors
|
||||
end
|
||||
|
||||
# @return [void]
|
||||
@@ -28,11 +28,9 @@ module Dyndnsd
|
||||
sleep @interval
|
||||
|
||||
Thread.new do
|
||||
begin
|
||||
write
|
||||
rescue StandardError => e
|
||||
@on_error[e] rescue nil
|
||||
end
|
||||
write
|
||||
rescue StandardError => e
|
||||
@on_error[e] rescue nil
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -96,8 +94,8 @@ module Dyndnsd
|
||||
# @param file [String]
|
||||
# @param base_name [String]
|
||||
# @param metric [Object]
|
||||
# @param keys [Array{Symbol}]
|
||||
# @param snapshot_keys [Array{Symbol}]
|
||||
# @param keys [Array<Symbol>]
|
||||
# @param snapshot_keys [Array<Symbol>]
|
||||
# @return [void]
|
||||
def write_metric(file, base_name, metric, keys, snapshot_keys = [])
|
||||
time = Time.now.to_i
|
||||
|
@@ -18,10 +18,10 @@ module Dyndnsd
|
||||
return if !db.changed?
|
||||
|
||||
Helper.span('updater_update') do |span|
|
||||
span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||
|
||||
# write zone file in bind syntax
|
||||
File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }
|
||||
File.write(@zone_file, @generator.generate(db))
|
||||
# call user-defined command
|
||||
pid = fork do
|
||||
exec @command
|
||||
|
@@ -35,7 +35,7 @@ module Dyndnsd
|
||||
# @return [void]
|
||||
def update(db)
|
||||
Helper.span('updater_update') do |span|
|
||||
span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
|
||||
|
||||
soa_rr = Resolv::DNS::Resource::IN::SOA.new(
|
||||
@zone_nameservers[0], @zone_email_address,
|
||||
@@ -85,7 +85,7 @@ module Dyndnsd
|
||||
|
||||
# converts into suitable parameter form for Async::DNS::Resolver or Async::DNS::Server
|
||||
#
|
||||
# @param endpoint_list [Array{String}]
|
||||
# @param endpoint_list [Array<String>]
|
||||
# @return [Array{Array{Object}}]
|
||||
def self.parse_endpoints(endpoint_list)
|
||||
endpoint_list.map { |addr_string| addr_string.split('@') }
|
||||
@@ -139,7 +139,7 @@ module Dyndnsd
|
||||
|
||||
# @param name [String]
|
||||
# @param resource_class [Resolv::DNS::Resource]
|
||||
# @param transaction [Async::DNS::Transaction]
|
||||
# Since solargraph cannot parse this: param transaction [Async::DNS::Transaction]
|
||||
# @return [void]
|
||||
def process(name, resource_class, transaction)
|
||||
if name != @domain || resource_class != Resolv::DNS::Resource::Generic::Type252_Class1
|
||||
|
@@ -1,5 +1,5 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Dyndnsd
|
||||
VERSION = '2.3.0'
|
||||
VERSION = '3.6.0'
|
||||
end
|
||||
|
@@ -1,12 +1,12 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require_relative 'spec_helper'
|
||||
require_relative '../spec_helper'
|
||||
|
||||
describe Dyndnsd::Daemon do
|
||||
include Rack::Test::Methods
|
||||
|
||||
def app
|
||||
Dyndnsd.logger = Logger.new(STDOUT)
|
||||
Dyndnsd.logger = Logger.new($stdout)
|
||||
Dyndnsd.logger.level = Logger::UNKNOWN
|
||||
|
||||
config = {
|
||||
@@ -24,9 +24,7 @@ describe Dyndnsd::Daemon do
|
||||
|
||||
app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
|
||||
|
||||
app = Dyndnsd::Responder::DynDNSStyle.new(app)
|
||||
|
||||
Rack::Tracer.new(app, trust_incoming_span: false)
|
||||
Dyndnsd::Responder::DynDNSStyle.new(app)
|
||||
end
|
||||
|
||||
it 'requires authentication' do
|
13
upgrade-version.sh
Executable file
13
upgrade-version.sh
Executable file
@@ -0,0 +1,13 @@
|
||||
#!/bin/bash -eux
|
||||
|
||||
sed -i "s/$1/$2/g" lib/dyndnsd/version.rb
|
||||
|
||||
release_date=$(LC_ALL=en_US.utf8 date +"%B %-d, %Y")
|
||||
|
||||
if grep "## $2 (" CHANGELOG.md; then
|
||||
true
|
||||
elif grep "## $2" CHANGELOG.md; then
|
||||
sed -i "s/## $2/## $2 ($release_date)/g" CHANGELOG.md
|
||||
else
|
||||
echo "## $2 ($release_date)" >> CHANGELOG.md
|
||||
fi
|
Reference in New Issue
Block a user